When you enable Aurora Focus in a device policy and assign that policy to devices and zones, the Aurora Focus agent on each device collects events and stores data in the Aurora Focus database. The agent does not collect data until you enable Aurora Focus.
Verify that the Aurora Protect Desktop application control feature is not enabled. Application control is designed for fixed function devices that do not change after setup (for example, point-of-sales machines). If application control is enabled, the Aurora Focus agent will not function as expected.
- In the management console, on the menu bar, click Policies > Device Policy.
- Create a new policy or click an existing policy.
- On the Focus Settings tab, enable Focus.
- If you want to enable the automatic upload of threat-related focus data from the Aurora Focus database to the console, enable Auto-upload focus data for threats. If you do not select this option, you must use the console to request focus data for devices.
- If you want to enable the automatic upload of memory-related focus data from the Aurora Focus database to the console, enable Auto-upload focus data for memory protection.
If you do not select this option, you must use the console to request focus data for devices.
- In the Max storage size field, specify the maximum amount of storage, in MB, that the Aurora Focus agent can access on the device. The default value is 1000 MB.
- In the Configurable sensors section, select the optional Aurora Focus sensors that you want to enable. Note that the optional sensors are supported for 64-bit operating systems only.
- If you want to associate a detection rule set with the device policy, in the Detection rule set drop-down list, click a rule set.
- If you want to allow the Aurora Focus agent to provide OS notifications to the user on Windows or macOS devices, enable Desktop notifications.
- Click Save.
- Assign the policy to devices or zones.
- If you want to prevent users from being able to stop the services for the Aurora Focus agent for Windows (Aurora Focus 3.1 or later with Aurora Protect Desktop 3.0 or later) and macOS (Aurora Focus 3.3 or later with Aurora Protect Desktop 3.1 or later), in the device policy, on the Agent Settings tab, enable Prevent service shutdown from device. When this setting is enabled, a macOS user can only stop the service if the Self Protection Level in the device properties is set to Local Admin (Assets > Devices > click the device). Windows users cannot stop the agent service as long as this setting is enabled.
- If you want users to have to provide a password to uninstall the Aurora Protect Desktop agent, the Aurora Focus agent for Windows version 3.1 or later, and the Aurora Focus agent for macOS version 3.3 or later, in Settings > Application, turn on Require Password to Uninstall Agent. Using this feature for the Aurora Focus agent for macOS also requires Aurora Protect Desktop version 3.1 or later.
